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Method of Restricting Software Operation within A License Limitation 



FIELD OF THE INVENTION 

This invention relates to a method and system of identifying and 
restricting an unauthorized software program's operation. 

5 BACKGROUND OF THE INVENTION 

Numerous methods have been devised for the identifying and 
restricting of unauthorized software program's operation. These methods 
have been primarily motivated by the grand proliferation of illegally copied 
software, which is ..engulfing the marketplace. This illegal copying represents 
1 0 billions of dollars in lost profits to commercial software developers. 

Software based products have been developed to validate authorized 
software usage by writing a license signature onto the computer's volatile 
memory (e.g. hard disk). These products may be appropriate for restricting 
honest software users, but they are very vulnerable to attack at the hands of 
15 skilled system's programmers (e.g. "hackers"). These license signatures are 
also subject to the physical instabilities of their volatile memory media. 

Hardware base products have also been developed to validate 
authorized software usage by accessing a dongle that is coupled e.g. to the 
parallel port of the P.C. These units are expensive, inconvenient, and not 




particularly suitable for software that may be sold by downloading (e.g. over 
the internet). 

There is accordingly a need in the art to provide for a system and 
method that substantially reduce or overcome the drawbacks of hitherto 
5 known solutions. 



SUMMARY OF THE INVENTION 

The present invention relates to a method of restricting software 
operation within a license limitation. This method strongly relies on the use of 
1 0 a key and of a record, which have been written into the non-volatile memory 
of a computer. 

For a better understanding of the underlying concept of the invention, 
there follows a specific non-limiting example. Thus, consider a conventional 
computer having a conventional BIOS module in which a key was embedded 

15 at the ROM section thereof, during manufacture. The key constitutes, 
effectively, a unique identification code for the host computer. It is important 
to note that the key is stored in a non-volatile portion of the BIOS,., i.e. it 
cannot be removed or modified. 

Further, according to the invention, each application program that is to 

20 be licensed to run on the specified computer, is associated with a license 
record; that consists of author name, program name and number of licensed 
users (for network). The license record may be held in either encrypted or 
explicit form. 

Now, there commences an initial license establishment procedure. 
25 where a verification structure is set in the BIOS so as to indicate that the 
specified program is licensed to run on the specified computer. This is 
implemented by encrypting the license record (or portion thereof) using said 
key (or portion thereof) exclusively or in conjunction with other identification 



information) as an encryption key. The resulting encrypted license record is 
stored in another (second) non- volatile section of the BIOS, e.g. E 2 PROM (or 
the ROM). It should be noted that unlike the first non-volatile section, the 
data in the second non-volatile memory may optionally be erased or modified 
5 (using E 2 PROM manipulation commands), so as to enable to add, modify or 
remove licenses. The actual format of the license may include a string of 
terms that correspond to a license registration entry (e.g. lookup table entry or 
entries) at a license registration bureau (which will be further described as 
part of the preferred embodiment of the present invention). 

1 0 Having placed the encrypted license record in the second non-volatile 

memory (e.g. the E 2 PROM), the process of verifying a license may be 
commenced. Thus, when a program is loaded into the memory of the 
computer, a so called license verifier application, that is a priori running in 
the computer, accesses the program under question, retrieves therefrom the 

15 license record, encrypts the record utilizing the specified unique key (as 
retrieved from the ROM section of the BIOS) and compares the so encrypted 
record to the encrypted records that reside in the E 2 PROM. In the case of 
- - match, the program is verified to run on the computer. If on the other hand the., 
sought encrypted data record is not found in the E~PROM database, this 

20 means that the program under question is not properly licensed and 
appropriate application define action is invoked (e.g. informing to the user on 
the unlicensed status, halting the operation of the program under question 
etc.) 

Those versed in the art will readily appreciate that any attempt to run a 
25 program at an unlicensed site will be immediately detected. Consider, for 
example, that a given application, say Lotus 123, is verified to run on a given 
computer having a first identification code (kl) stored in the ROM portion of 
the BIOS thereof. This obviously requires that the license record (LR) of the 
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application after having been encrypted using kl giving rise to (LR)ki is 
stored in the E 2 PROM of the first computer. 

Suppose now that a hacker attempts to run the specified application in 
a second computer having a second identification code (k2) stored in the 
5 ROM portion of the BIOS thereof. All or a portion the database contents 
(including of course (LR)ki ) that reside in the E 2 PROM portion in the first 
computer may be copied in a known per se means to the second computer. It 
is important to note that the hacker is unable to modify the key in the ROM of 
the second computer to Kl, since, as recalled, the contents of the ROM is 

1 0 established during manufacture and is practically invariable. 

Now, when the application under question is executed in the second 
computer, the license verifier retrieves said LR from the application and, as 
explained above, encrypts it using the key as retrieved from the ROM of the 
second computer, i.e k2 giving rise to encrypted license record (LR)k2. 

1 5 Obviously, the value (LR)k2 does- not reside in the E 2 PROM database section 
of the second computer (since it was not legitimately licensed) and therefore 
the specified application is invalidated. It goes without saying that the data 
-copied from the first (legitimate) computer is rendered useless, since 
comparing (LR)k2 with the copied value (LR)ki results, of course, in 

20 mismatch. 

The example above is given for clarity of explanation only and is by no 
means binding. 

In its broadest aspect, the invention provides for a method of 
restricting software operation within a license limitation including; for a 
25 computer having a first non-volatile memory area, a second non-volatile 
memory area, and a volatile memory area; the steps of: selecting a program 
residing in the volatile memory, setting up a verification structure in the 
non-volatile memories, verifying the program using the structure, and acting 
on the program according to the verification. 
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An important advantage in utilizing non-volatile memory such as that 
residing in the BIOS is that the required level of system programming 
expertise that is necessary to intercept or modify commands, interacting with 
the BIOS, is substantially higher than those needed for tampering with data 
5 residing in volatile memory such as hard disk. Furthermore, there is a much 
higher cost to the programmer, if his tampering is unsuccessful, i.e. if data 
residing in the BIOS (which is necessary for the computer's operability) is 
inadvertently changed by the hacker. This is too high of a risk for the ordinary 
software hacker to pay. Note that various recognized means for hindering the 

10 professional-like hacker may also be utilized (e.g. anti-debuggers, etc.) in 
conjunction with the present invention. 

In the context of the present invention, a "computer" relates to a digital 
data processor. These processors are found in personal computers, or on one 
or more processing cards in multi-processor machines. Today, a processor 

1 5 normally include a first non-volatile memory, a second non- volatile memory, 
and data linkage access to a volatile memory. There are also processors 
having only one non-volatile memory or having more than two non- volatile 
memories; all of which should be considered logically as relating to having a 
first and a second non-volatile memory areas. There are also computational 

20 environments where the volatile memory is distributed into numerous 
physical components, using a bus, LAN, etc.; all of which should logically be 
considered as being a volatile memory area. 

According to the preferred embodiment of the present invention, there 
is further provided a license authentication bureau which can participate in 

25 either or both of: 

(i) establishing the license record in the second non-volatile memory; 

and 



(ii) verifying if the key and license record in the non-volatile 
memory(s) is compatible with the license record information as extracted 
from the application under question. 

The bureau is a telecommunications accessible processor where 
5 functions such as formatting, encrypting, and verifying may be performed. 
Performing these or other functions at the bureau helps to limit the 
understanding of potential software hackers; since they can not observe how 
these functions are constructed. Additional security may also be achieved by 
forcing users of the bureau to register, collecting costs for connection to the 

1 0 bureau, logging transactions at the bureau, etc. 

According to one example of using the bureau, setting up a verification 
structure further includes the steps of: establishing, between the computer and 
the bureau, a two-way data-communications linkage; transferring, from the 
computer to the bureau, a request-for-license including an identification of the 

15 computer and the license-record's contents from the selected program; 
forming an encrypted license-record at the bureau by encrypting parts of the 
request-for-license using part of the identification as the encryption key; and 
transferring, from the bureau to the computer, the encrypted license-record. . 
According to another example. of using the bureau, verifying the 

20 program further includes the steps of: establishing, between the computer and 
the bureau, a two-way data-communications linkage; transferring, from the 
computer to the bureau, a request-for-license-verification including an 
identification of the computer, the encrypted license-record for the selected 
program from the second non-volatile memory, and the 

25 licensed-software-program's license-record contents; enabling the comparing 
at the bureau; and transferring, from the bureau to the computer, the result of 
the comparing. 

The actual key that serves for identifying the computer may be 
composed of the pseudo-unique key exclusively, or, if desired, in combination 
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! with information, e.g. information related to the registration of the user such 

; as e.g. place, telephone number, user name, license number, etc. In the context 

of the present invention, a "pseudo-unique" key may relate to a bit string 
■ which uniquely identifies each first non-volatile memory. Alternately the 

5 "pseudo-unique" key may relate to a random bit string (or to an assigned bit 
string) of sufficient length such that: there is an acceptably low probability of 
a successful unauthorized transfer of licensed software between two 
computers, where the first volatile memories of these two computers have the 
same key. 

1 0 It should be noted that the license bureau might maintain a registry of 

keys and of licensed programs that have been registered at the bureau in 
association with these keys. This registry may be used to help facilitate the 
formalization of procedures for the transfer of ownership of licensed software 
from use on one computer to use on another computer. 

1 5 Constructing the key in the manner specified may hinder the hacker in 

cracking the proposed encryption scheme of the invention, in particular when 
the establishment of the license record or the verification thereof is performed 
in the bureau. Those versed in the art will readily appreciate that the invention, 
is by no means bound by the data, the algorithms, or the manner of operation 

20 of the bureau. It should be noted that the tasks of establishing and/or verifying 
a license record may be shared between the bureau and the computer, done 
; exclusively at the computer, or done exclusively at the bureau. The 

pseudo-unique key length needs to be long enough to hinder encryption attack 
schemes. The establishing of the key may be done at any time from the 

25 non- volatile memory's manufacture until an attempted use of an established 
license-record in the non-volatile memory. The key is used for encryption or 
decryption operations associated with license-records. In principle, the 
manufacturer of the licensed-software-program may specify the 
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license-record format and therefore different formats may, if desired, be used 
for respective applications. 

According to the preferred embodiment of the present invention, the 
pseudo-unique key is a unique-identification bit string that is written onto the 
5 first non- volatile memory by the manufacturer of the is memory media. 

According to one, non-limiting, preferred embodiment of the present 
invention, the first non- volatile memory area is a ROM section of a BIOS; the 
second non- volatile memory area is a E 2 PROM section of a BIOS; and the 
volatile memory is a RAM e.g. hard disk and/or internal memory of the 
1 0 computer . 

The present invention also relates to a non-volatile memory media 
used as a BIOS of a computer, for restricting software operation within a 
license limitation, wherein a pseudo-unique key is established. 

According to the preferred embodiment of the non-volatile memory 
1 5 media of the present invention, the pseudo-unique key is established in a 
ROM section of the BIOS. 

BRIEF DESCRIPTION OF THE DRAWINGS: 

In order to understand the invention and to see how it may be carried 
20 out in practice, a preferred embodiment will now be described, by way of 
non-limiting example only, with reference to the accompanying drawings, in 
which: 

Fig. 1 is a schematic diagram of a computer and a license bureau; and 
Fig. 2 is a generalized flow chart of the sequence of operations 
25 performed according to one embodiment of the invention. 



DETAILED DESCRIPTION OF A PREFERRED EMBODIMENT 

A schematic diagram of a computer and a license bureau is shown in 
Figure 1. Thus, a computer processor (1) is associated with input 'operations 
(2) and with output operations (3). This computer (processor) internally 
5 contains a first non-volatile memory area (4) (e.g. the ROM section of the 
BIOS), a second non-volatile memory area (5) (e.g. the E PROM section of 
the BIOS), and a volatile memory area (6) (e.g. the internal RAM memory of 
the computer). 

The computer processor is in temporary telecommunications linkage 
1 0 with a license bureau (7). 

The first non- volatile memory includes a pseudo-random identification 
key (8), which exclusively or in combination with other information (e.g. user 
name), is sufficient to uniquely differentiate this first non-volatile memory 
from all other first non-volatile memories. As specified before, said key 
1 5 constitutes unique identification of the computer. 

The second non-volatile memory includes a license-record-area (9) 
e.g. for the containing . of at least one encrypted license-record (e.g. three 
records 10-12). The volatile memory accommodates a license program (16) 
having license record fields (13-15) appended thereto. By way of example 
20 said fields stand for Application name (e.g. Lotus 123), Vendor name (Lotus 
inc.), and no of licensed copies (1 for stand alone usage, >1 for number of 
licensed users for a network application). 

Those versed in the art will readily appreciate that the license record is 
not necessarily bound to continuos fields. In fact, the various license content 
25 components of the data record may be embedded in various locations in the 
application. Any component may, if desired, be encrypted. 

Each one of the encrypted license records (10-12) is obtained by 
encrypting the corresponding license record as extracted from program 16, 
utilizing for encryption the identification key (8). 
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In a typical, yet not exclusive, sequence of operation, a 
transaction/request is sent, by the computer to the bureau. This transaction 
includes the key (8), the encrypted license-records (10-12), contents from the 
license program used in forming a license record (e.g. fields 13-15), and other 
5 items of information as desired. 

The bureau forms the proposed license-record from the contents, 
encrypts (utilizing predetermined encryption algorithm) the so formed 
license-record using the key (8), and compares the so formed encrypted 
license-record with the license-records (10-12). The bureau generates an 
10 overlay according to the result of the comparison indication successful 
comparison, non-critical failure comparison and critical failure comparison. 

The bureau returns the overlay which will direct the computer in 
subsequent operation. Thus, a success overlay will allow the license program 
to operate. A non-critical failure overlay will ask for additional user 
1 5 interactions. A critical failure overlay will cause permanent disruption to the 
computer's BIOS operations. Thus, software operation of the program is 
methodologically according to a license limitation restriction. 

Those versed, in the art. will readily appreciate that the implementation 
as described with reference to Fig. 1 is by no means binding. Thus, by way of 
20 non-limiting example, the bureau, instead of being external entity may form 
part of the computer. 

Attention is now directed to Fig. 2, showing a generalized flow chart 
of the sequence of operations performed according to one embodiment of the 
invention. 

25 Thus, selecting (17) a program includes the step of: establishing a 

licensed-software-program in the volatile memory of the computer wherein 
the licensed-software-program includes contents used to form a 
license-record. These contents, be they centralize or decentralized, may 
include terms, identifications, specifications, or limitations related to the 
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manufacturer of a software product, the distributor of a software product, the 
purchaser of a software product, a licensor, a licensee, items of computer 
hardware or components thereof, or to other terms and conditions related to 
the aforesaid. 

5 Setting up (18) the verification structure includes the steps of: 

establishing or certifying the existence of a pseudo-unique key in the first 
non-volatile memory area; and establishing at least one license-record 
location in the first or the second nonvolatile memory area. 

Establishing a license-record includes the steps of: forming a 

10 license-record by encrypting of the contents used to form a license-record 
with other predetermined data contents, using the key; and establishing the 
encrypted license-record in one of the at least one established license-record 
locations (e.g. 10-12 in Figure 1). 

Verifying (19) the program includes the steps of: encrypting the 

IS licensed-software-program's license-record contents from the volatile - 
memory area or decrypting the license-record in the first or the second 
non- volatile memory area, using the key; and comparing the encrypted 
licensed-software-program's license-record contents with the encrypted 
license-record in the first or the second non-volatile memory area, or 

20 comparing the licensed-software-program's license-record contents with the 
decrypted license-record in the first or the second non- volatile memory area. 

Acting (20) on the program includes the step of: restricting the 
program's operation with predetermined limitations if the comparing yields 
non-unity or insufficiency. In this context "non-unity" relates to being unequal 

25 with respect to a specific equation (e.g. A=B+1); and "insufficiency" relates 
to being outside of a relational bound (e.g. A>B+1). "Restricting the 
program's operation with predetermined limitations" may include actions 
such as erasing the software in volatile memory, warning the license 
applicant/user, placing a fine on the applicant/user through the billing service 
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charges collected at the license bureau (if applicable), or scrambling sections 
of the BIOS of the computer (or of functions interacting therewith). 

The present invention has been described with a certain- degree of 
particularity but it should be understood that various modifications and 
alterations may be made without departing from the scope or spirit of the 
invention as defined by the following claims: 
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CLAIMS: 

1. A method of restricting software operation within, a license 
limitation comprising; for a computer having a first non-volatile memory 
area, a second non-volatile memory area, and a volatile memory area; the 

5 steps of: selecting a program residing in the volatile memory, setting up a 
verification structure in the non-volatile memories, verifying the program 
using the structure, and acting on the program according to the verification. 

2. A method according to claim 1, further comprising the step of: 
establishing a license authentication bureau. 

10 3. A method according to claim 2, wherein setting up a verification 

structure further comprising the steps of: establishing, between the computer 
and the bureau, a two-way data-communications linkage; transferring, from 
the computer to the bureau, a request-for-license including an identification of 
the computer and the license-record's contents from the selected program; 

1 5 forming an encrypted license-record at the bureau by encrypting parts of the 
request-for-license using part of the identification as the encryption key; and 
transferring, from the bureau to the computer, the encrypted license-record. 

4. A method according to claim 2, wherein verifying the program 
further comprising the steps of: establishing, between the computer and the 

20 bureau, a two-way data-communications linkage; transferring, from the 
computer to the bureau, a request-for-license-verification including an 
identification of the computer, the encrypted license-record for the selected 
program from the second non-volatile memory, and the 
licensed-software-program's license-record contents; enabling the comparing 

25 at the bureau; and transferring, from the bureau to the computer, the result of 
the comparing. 

5. A method according to any of claims 3 or 4 wherein the 
identification of the computer includes the pseudo-unique key. 
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6. A method according to claims 1 or 2 wherein selecting a program 
includes the step of: establishing a licensed-software-program in the volatile 
memory of the computer wherein said licensed-software-program includes 
contents used to form a license-record. 
5 7. A method according to claims 1 or 2 wherein setting up the 

verification structure includes the steps of: establishing or certifying the 
existence of a pseudo-unique key in the first non-volatile memory area; and 
establishing at least one license-record location in the first or the second 
nonvolatile memory area. 

10 8. A method according to claims 6 and 7 wherein establishing a 

license-record includes the steps of: forming a license-record by encrypting of 
the contents used to form a license-record with other predetermined data 
contents, using the key; and establishing the encrypted license-record in one 
of the at least one established license-record locations. 

15 9. A method according to claims 1 or 2 wherein verifying the program 

includes the steps of: encrypting the licensed-software-program's 
license-record contents from the volatile memory area or decrypting the 
license-record in the first or the second non- volatile memory area, using the 
key; and comparing the encrypted licensed-software-program's license-record 

20 contents with the encrypted license-record in the first or the second 
non- volatile memory area, or comparing the licensed-software-program's 
license-record contents with the decrypted license-record in the first or the 
second non- volatile memory area. 

10. A method according to any of claims 1 or 9 wherein acting on the 
25 program includes the step of: restricting the program's operation with 

predetermined limitations if the comparing yields non-unity or insufficiency. 

11. A method according to claim 1 wherein the first non- volatile 
memory area is a ROM section of a BIOS. 
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12. A method according to claim 1 wherein the second non- volatile 
memory area is a E 2 PROM section of a BIOS. 

13. A method according to claim 1 wherein the volatile memory is a 

RAM. 

14. A non-volatile memory media used as a BIOS of a computer, for 
restricting software operation within a license limitation, wherein a 
pseudo-unique key is established. 

. 15.. A non-volatile memory media according to claim 14 wherein the 
pseudo-unique key is established in a ROM section of the BIOS. 



For the Applicants, 

REENHOLD COHN AND PARTNERS 

By: 
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